ramnit | ad0ee3befcccaee100604ec06bc00234090e6d909bf42e5da535e1adb067abba

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 01:44

Target

ad0ee3befcccaee100604ec06bc00234090e6d909bf42e5da535e1adb067abba.dll
Size

38KB
MD5

3c1e3f70d047493c75718f83b6cc38ed
SHA1

5d482de43b196641b28f487a959ac13a9a55ddc1
SHA256

ad0ee3befcccaee100604ec06bc00234090e6d909bf42e5da535e1adb067abba
SHA512

509339039d364ce7b7cfe4dcd2f5673becb00ee85bd1bb1c9e336b626826a00d85eab5a227b063eef0f5ba471777fac89b7c5f81236346bcce1df92fd584dba7
SSDEEP

768:Bs+/gMsLIn/wIj2labk+1IsceGSnkmJ0Yblr583CJrVV7HsXU76m2sRGVV:WD8w22laSR0V+3CJrVmXczJR

Score

10^/10

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Drops file in System32 directory 1 IoCs

Processes:

rundll32.exe

description ioc process

File created C:\Windows\SysWOW64\dmlconf.dat rundll32.exe

description	ioc	process
File created	C:\Windows\SysWOW64\dmlconf.dat	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1772 wrote to memory of 2772	1772	rundll32.exe	rundll32.exe
PID 1772 wrote to memory of 2772	1772	rundll32.exe	rundll32.exe
PID 1772 wrote to memory of 2772	1772	rundll32.exe	rundll32.exe
PID 1772 wrote to memory of 2772	1772	rundll32.exe	rundll32.exe
PID 1772 wrote to memory of 2772	1772	rundll32.exe	rundll32.exe
PID 1772 wrote to memory of 2772	1772	rundll32.exe	rundll32.exe
PID 1772 wrote to memory of 2772	1772	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad0ee3befcccaee100604ec06bc00234090e6d909bf42e5da535e1adb067abba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1772

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad0ee3befcccaee100604ec06bc00234090e6d909bf42e5da535e1adb067abba.dll,#1
2⤵
- Drops file in System32 directory
PID:2772

memory/2772-1-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/2772-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download